CVE-2024-8176 Information

Description

A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat recurses once per nesting level, so an attacker-supplied document with a sufficiently deep chain of entity references can exhaust the stack and crash the process. This issue can lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and how the library is used.
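The following is an added example for this page, not code from libexpat or from the Red Hat advisory. It shows the shape of the malicious input (a constructed chain of internal entities, each referencing the next) and a pre-parse guard that a caller of pyexpat (Python's binding to libexpat) can run before handing bytes to the parser: it scans the internal DTD subset, builds the entity-reference graph, and rejects documents whose reference chains exceed a depth limit or contain a cycle. The depth limit `MAX_DEPTH`, the regex-based DTD scan, and the function names are assumptions; the version threshold checked by `libexpat_has_nonrecursive_expansion` is taken from the upstream fix for issue #893, which shipped in libexpat 2.7.0. The guard is a mitigation for callers that cannot upgrade yet, not a replacement for the fixed library.

```python
"""Pre-parse guard against deeply nested internal entity references.

Added example for this page (not libexpat or Red Hat code). Everything here
runs offline: the nested document is constructed locally, and the guard
decides before expat ever sees the bytes.
"""
import re
import xml.parsers.expat as expat

MAX_DEPTH = 32  # assumed policy: no legitimate document nests entities deeper

# Internal DTD subset between "[" and "]>" of the DOCTYPE declaration.
_DOCTYPE_RE = re.compile(r"<!DOCTYPE\b[^\[>]*\[(.*?)\]\s*>", re.DOTALL)
# General (not parameter, "%") internal entity declarations with a literal value.
_ENTITY_DECL_RE = re.compile(
    r"<!ENTITY\s+(?!%)(?P<name>[^\s]+)\s+(?P<q>[\"'])(?P<value>.*?)(?P=q)\s*>",
    re.DOTALL,
)
_ENTITY_REF_RE = re.compile(r"&([^\s;&]+);")
_PREDEFINED = {"lt", "gt", "amp", "quot", "apos"}


def build_nested_document(depth):
    """Constructed sample input: e0 -> e1 -> ... -> e{depth}, root references e0.

    A deep enough chain is exactly the input that drives an unfixed libexpat
    into deep recursion; this function only builds the text, it never parses it.
    """
    decls = ['<!ENTITY e%d "x">' % depth]
    for i in range(depth - 1, -1, -1):
        decls.append('<!ENTITY e%d "&e%d;">' % (i, i + 1))
    return "<!DOCTYPE doc [\n" + "\n".join(decls) + "\n]>\n<doc>&e0;</doc>"


def entity_graph(xml_text):
    """Map each general internal entity name to the entity names its value references."""
    m = _DOCTYPE_RE.search(xml_text)
    if not m:
        return {}
    graph = {}
    for decl in _ENTITY_DECL_RE.finditer(m.group(1)):
        refs = [r for r in _ENTITY_REF_RE.findall(decl.group("value"))
                if r not in _PREDEFINED and not r.startswith("#")]
        graph[decl.group("name")] = refs
    return graph


def max_expansion_depth(graph):
    """Longest reference chain in the graph; -1 if a cycle (infinite expansion) exists.

    Iterative (Kahn's algorithm) on purpose: a recursive walk would hit the
    same deep-nesting problem the guard is meant to catch.
    """
    nodes = set(graph)
    for refs in graph.values():
        nodes.update(refs)  # references to undeclared entities are still nodes
    indeg = {n: 0 for n in nodes}
    for refs in graph.values():
        for r in refs:
            indeg[r] += 1
    ready = [n for n in nodes if indeg[n] == 0]
    dist = {n: 0 for n in nodes}  # length of the longest chain ending at n
    processed = 0
    while ready:
        n = ready.pop()
        processed += 1
        for r in graph.get(n, []):
            dist[r] = max(dist[r], dist[n] + 1)
            indeg[r] -= 1
            if indeg[r] == 0:
                ready.append(r)
    if processed != len(nodes):
        return -1  # some nodes never reached in-degree 0: a cycle
    return max(dist.values(), default=0)


def check_document(xml_text, limit=MAX_DEPTH):
    """Return (accepted, reason) for the guard policy."""
    d = max_expansion_depth(entity_graph(xml_text))
    if d < 0:
        return False, "entity reference cycle"
    if d > limit:
        return False, "entity nesting depth %d exceeds limit %d" % (d, limit)
    return True, "entity nesting depth %d" % d


def libexpat_has_nonrecursive_expansion():
    """True if the linked libexpat is 2.7.0 or later (upstream fix for issue #893)."""
    return expat.version_info >= (2, 7, 0)


def parse_if_safe(xml_text):
    """Run the guard, then parse with expat; returns (accepted, reason, character_data)."""
    ok, reason = check_document(xml_text)
    if not ok:
        return False, reason, ""
    chunks = []
    p = expat.ParserCreate()
    p.CharacterDataHandler = chunks.append
    p.Parse(xml_text, True)
    return True, reason, "".join(chunks)


if __name__ == "__main__":
    print("libexpat", ".".join(str(v) for v in expat.version_info),
          "non-recursive entity expansion:", libexpat_has_nonrecursive_expansion())
    print(parse_if_safe(build_nested_document(5)))
    print(parse_if_safe(build_nested_document(100000))[:2])
```

The guard only inspects the internal DTD subset, so it does not cover entities pulled in from external DTDs or parameter entities; for those, run the parser in a separate process with a small stack or, preferably, upgrade libexpat. On an unfixed library, do not feed the 100000-deep document to the parser directly: the crash it triggers is the vulnerability itself.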

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

https://access.redhat.com/security/cve/CVE-2024-8176
https://bugzilla.redhat.com/show_bug.cgi?id=2310137
https://github.com/libexpat/libexpat/issues/893

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

7.5

Base Severity

HIGH